v0.9.2

What's Changed

• Add omitempty to UserinfoEndpoint JSON tag by @jhrozek in #3601
• Integration Tests for Embedded Auth Server by @tgrunnagle in #3556
• Adopt env package from toolhive-core by @JAORMX in #3572
• Fix audit middleware file handle leak on shutdown by @jhrozek in #3074
• Update registry from toolhive-registry release v2026.02.05 by @github-actions[bot] in #3612
• Add circuit breaker pattern to vMCP health monitoring by @yrobla in #3528
• add private Git repository authentication for MCPRegistry by @ChrisJBurns in #3577
• Update opentelemetry-go monorepo by @renovate[bot] in #3558
• Add bearer token support for remote auth proxy by @jhrozek in #3386
• Add token endpoint error handling integration tests by @jhrozek in #3611
• Align authserver DCR client scopes with discovery scopes_supported by @jhrozek in #3610
• Add shortNames to MCPServer CRD for consistency by @Nashon-Steffen in #3605
• Add TOML config file support with array-of-tables format by @aponcedeleonch in #3596
• Fix proxy hang on kubectl attach EOF by @rcdailey in #3584
• Add TOML nested tables format support by @aponcedeleonch in #3597
• Extract atomic file write utility to shared fileutils package by @aponcedeleonch in #3613
• Consolidate file locking and fix error handling in config_editor.go by @aponcedeleonch in #3617
• Update module github.com/go-chi/chi/v5 to v5.2.5 by @renovate[bot] in #3619
• Add code-server as a supported client by @dmjb in #3618
• Consolidate path traversal protection in one place by @dmjb in #3620
• Upstream Token Swap Middleware by @tgrunnagle in #3606
• Change workload manager to follow logging best practices by @dmjb in #3621
• Ensure API E2E tests clean up after themselves by @dmjb in #3588
• Bump Go to 1.25.7 to fix crypto/tls vulnerability (GO-2026-4337) by @ChrisJBurns in #3632
• Add OIDC provider methods and ID token validation by @jhrozek in #3580
• Add lazy OIDC discovery with retry by @jhrozek in #3579
• Add CEL-based AWS STS role mapper for claim-based IAM role selection by @jhrozek in #3609
• fix(#3636): allow composite tools to use filtered backend tools by @jerm-dro in #3637
• Implement bearer token controller logic and environment variable management by @amirejaz in #3487
• Complete vMCP circuit breaker configuration and testing by @yrobla in #3615
• Update registry from toolhive-registry release v2026.02.06 by @github-actions[bot] in #3641
• Update module github.com/aws/aws-sdk-go-v2 to v1.41.1 by @renovate[bot] in #3640
• Add MistralVibe and Codex client configurations by @aponcedeleonch in #3594
• Update anthropics/claude-code-action digest to 006aaf2 by @renovate[bot] in #3633
• Update ghcr.io/stacklok/thv-registry-api Docker tag to v0.5.3 by @renovate[bot] in #3626
• Update anthropics/claude-code-action digest to b113f49 by @renovate[bot] in #3643
• Standardize proxy port field in MCPRemoteProxy by @slyt3 in #3257
• Consolidate list of supported clients in one place by @dmjb in #3644
• Add skill domain types, service interface, and HTTP client stub by @JAORMX in #3660
• Update renovate config to keep go.mod up to date by @dmjb in #3664
• Add hidden skill CLI command stubs by @JAORMX in #3668
• Add skill REST API route stubs and ServerBuilder wiring by @JAORMX in #3666
• Add Clients field to InstalledSkill by @JAORMX in #3667
• run task docs by @JAORMX in #3669
• Fix flakey unit tests by @dmjb in #3665
• Add missing mocks for skills service by @dmjb in #3670
• Bump Alpine base image in Go template to latest, pin by @dmjb in #3657
• Add publisher-provided extensions types and nested Kubernetes metadata by @rdimitrov in #3671
• Release v0.9.2 by @stacklokbot in #3672

New Contributors

• @Nashon-Steffen made their first contribution in #3605
• @rcdailey made their first contribution in #3584

Full Changelog: v0.9.1...v0.9.2